PURPOSE / SCOPE:
ICOM seeks to ensure student, employee and organizational information is handled in a confidential, safe, and responsible manner in compliance with all applicable laws, rules, and regulations set forth by federal and state agencies.
DEFINITIONS:
Confidential information refers to sensitive, nonpublic information about students, employees, and the organization.
POLICY:
Employees may be exposed to a variety of student, employee, or organizational information that is deemed private and confidential. Employees are not to disclose information to unauthorized individuals. Confidential information includes information that identifies or describes an individual and the disclosure of which would constitute an unwarranted invasion of personal privacy. Examples of confidential employee and business information include home address and telephone number, medical information, birth date, social security number, family data, financial aid, performance evaluations, proprietary information, and academic peer review information.
Confidential personal or business information may be in hard copy form, electronic, or verbal communication and may not be used for personal reasons.
Requests for Information
Employees who receive requests for confidential information must follow the specific policy that applies to the request. For policy clarification and details, employees are to consult with the appropriate department. Proper handling of confidential information is imperative, such information should not be released without proper authorization.
- Student Records – access to student records are highly regulated with access given only for legitimate educational purposes. A federal law, Family Educational Rights and Privacy Act (FERPA), classifies most student record information as private. This information cannot be released to third parties (including parents) without signed consent from the student.
- Employee Records – employees may have access to their personnel file and supervisors may access their employees’ records that are not deemed confidential. Requests for such access is through the Office of Human Resources.
- Medical Records – employee medical records are retained within the Office of Human Resources, student medical records are retained within the Office of Student Affairs. Medical records have special protection under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). ICOM ensures the privacy and security of patient health information.
Sanctions
The consequences of mishandling confidential information (intentionally or unintentionally) follow ICOM’s progressive discipline policy which ranges from receiving instruction on proper handling of such information to disciplinary action, including termination.
PRIMARY POLICY OWNER:
Chief Legal and Compliance Officer
APPROVAL:
Effective: 8/27/21
Last Reviewed: 5/30/23
Review Requirement: 3 Years